General

  • Target

    Dexo.exe

  • Size

    70.7MB

  • Sample

    231208-t1kcqabagj

  • MD5

    44d7fb54475ab7a7fe1e5784eba642e8

  • SHA1

    639603626a24c7734c51dd30b0084d9318930a7b

  • SHA256

    2f47c1489a1484d1ef779ddaab01e9bee35210ad9c36a696ae1917a15b5628e5

  • SHA512

    113b3778e8ac066793ce396b7f9c26f3af63565846cf97b27cf2ea2f3d7078659dbe399e30247be182520440414f4def125b8d42ffb0ec0a41ab12778333aea5

  • SSDEEP

    1572864:G4/4rzOchPDjhr5Vig5tA8L2ownv/FuRC/B1QDppZnEgBxAOZV1GJ7:NkqcdDjVegb2nvMw/3QFD9Bun7

Malware Config

Targets

    • Target

      Dexo.exe

    • Irata

      Irata is an Iranian remote access trojan (RAT) for Android, first seen in August 2022.

    • Irata payload

    • Executes dropped EXE

    • Loads dropped DLL
